On 9/24/07, Mikkel L. Ellertson <mikkel@xxxxxxxxxxxxxxxx> wrote:
> Alan M. Evans wrote:
> > On Mon, 2007-09-24 at 15:58 -0500, Mike McCarty wrote:
> >
> >> Because SELinux is not a "thing", it is a way of writing apps.
> >
> > No, no no! How many times does this have to be explained?
> >
> > Applications don't need to know anything about SELinux in order to be
> > under its purview. Only applications that need to interact with SELinux
> > in some way need to know about it. I can easily write a program that
> > tries to open a forbidden resource and SELinux can most easily prevent
> > it despite that my application only #includes stdio.h and knows nothing
> > of the hidden hand that blocks it.
> >
> Well, in one way it is a way of writing apps - you have to write
> apps that are well behaved if they are going to run with SELinux.
> Then again, you should be writing apps that way anyway. You could
> say that SELinux forces you to write better code. ;-)
>
> Mikkel

change "with" to "under", since most people are running SELinux in targeted mode

--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )